From b80fff1dfa6d7a102aa42745863d068561832eb0 Mon Sep 17 00:00:00 2001 From: Marja van Waes Date: Mon, 27 Jan 2014 08:53:26 +0100 Subject: - New msecgui.xml written by lebarhon - updated mcc-help.pot --- docs/mcc-help/en/msecgui.xml | 360 +++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 351 insertions(+), 9 deletions(-) (limited to 'docs/mcc-help/en') diff --git a/docs/mcc-help/en/msecgui.xml b/docs/mcc-help/en/msecgui.xml index e9a8ccf3..2a4b14ba 100644 --- a/docs/mcc-help/en/msecgui.xml +++ b/docs/mcc-help/en/msecgui.xml @@ -1,18 +1,360 @@ -
+
- MSEC: System Security and Auditmsecgui + MSEC: System Security and Audit + + msecgui + + + + - + - This page hasn't been written yet for lack of resources. If you think - you can write this help, please contact the Doc team. Thanking you in advance. + + +
+ Presentation + + msecgui is a graphic user interface for msec that allows to + configure your system security according to two approaches: + + + + It sets the system behaviour, msec imposes modifications to the + system to make it more secure. + + + It carries on periodic checks automatically on the system in + order to warn you if something seems dangerous. + + + msec uses the concept of "security levels" which are intended to + configure a set of system permissions, which can be audited for changes or + enforcement. Several of them are proposed by Mageia, but you can define + your own customised security levels. +
+ +
+ Overview tab + + See the screenshot above + + The first tab takes up the list of the different security tools with + a button on the right side to configure them: + + + + Firewall, also found in the MCC / Security / Set up your + personal firewall + + + + Updates, also found in MCC / Software Management / Update your + system + + + + msec itself with some information: + + + + enabled or not + + + + the configured Base security level + + + + the date of the last Periodic checks and a button to see a + detailed report and another button to execute the checks just + now. + + + + +
+ +
+ Security settings tab + + A click on the second tab or on the Security + Configure button leads to the same screen shown + below. + + + + + + + + + +
+ Basic security tab + + + Security levels: + + + After having checked the box Enable MSEC + tool, this tab allows you by a double click to choose the + security level that appears then in bold. If the box is not checked, the + level « none » is applied. The following levels are available: + + + + Level none. This level is + intended if you do not want to use msec to control system security, + and prefer tuning it on your own. It disables all security checks + and puts no restrictions or constraints on system configuration and + settings. Please use this level only if you are knowing what you are + doing, as it would leave your system vulnerable to attack. + + + Level standard. This is the + default configuration when installed and is intended for casual users. + It constrains several system settings and executes daily security + checks which detect changes in system files, system accounts, and + vulnerable directory permissions. (This level is similar to levels 2 + and 3 from past msec versions). + + + Level secure. This level is + intended when you want to ensure your system is secure, yet usable. + It further restricts system permissions and executes more periodic + checks. Moreover, access to the system is more restricted. (This + level is similar to levels 4 (High) and 5 (Paranoid) from old msec + versions). + + + Besides those levels, different task-oriented security are + also provided, such as the fileserver, webserver and netbook levels. Such levels attempt to + pre-configure system security according to the most common use + cases. + + The last two levels called audit_daily and audit_weekly are not really security levels but + rather tools for periodic checks only. + + + These levels are saved in + etc/security/msec/level.<levelname>. You can + define your own customised security levels, saving them into specific + files called level.<levelname>, placed into + the folder etc/security/msec/. This function is + intended for power users which require a customised or more secure + system configuration. + + Keep in mind that user-modified parameters take precedence over + default level settings. + + + Security alerts: + + + If you check the box Send security alerts by email + to:, the security alerts generated by msec are going to be + sent by local e-mail to the security administrator named in the nearby + field. You can fill either a local user or a complete e-mail address + (the local e-mail and the e-mail manager must be set accordingly). At + last, you can receive the security alerts directly on your desktop. + Check the relevant box to enable it. + + It is strongly advisable to enable the security alerts option + in order to immediately inform the security administrator of possible + security problems. If not, the administrator will have to regularly + check the logs files available in + /var/log/security. + + Security options: + + Creating a customised level is not the only way to customise the + computer security, it is also possible to use the tabs presented here + after to change any option you want. Current configuration for msec is + stored in /etc/security/msec/security.conf. This + file contains the current security level name and the list of all the + modifications done to the options. +
+ +
+ System security tab + + This tab displays all the security options on the left side + column, a description in the centre column, and their current values on + the right side column. + + + + + + + + To modify an option, double click on it and a new window appears + (see screenshot below). It displays the option name, a short + description, the actual and default values, and a drop down list where + the new value can be selected. Click on the OK + button to validate the choice. + + +
+ + + + + + + +
+ + + Do not forget when leaving msecgui to save definitively your + configuration using the menu File -> Save the + configuration. If you have changed the settings, msecgui + allows you to preview the changes before saving them. + + +
+ + + + + + + +
+ +
+ +
+ Network security + + This tab displays all the network options and works like the + previous tab + + + + + + +
+ +
+ Periodic checks tab + + Periodic checks aim to inform the security administrator by means + of security alerts of all situations msec thinks potentially + dangerous. + + This tab displays all the periodic checks done by msec and their + frequency if the box Enable periodic security + checks is checked. Changes are done like in the previous + tabs. + + + + + + +
+ +
+ Exceptions tab + + Sometimes alert messages are due to well known and wanted + situations. In these cases they are useless and wasted time for the + administrator. This tab allows you to create as many exceptions as you + want to avoid unwanted alert messages. It is obviously empty at the + first msec start. The screenshot below shows four exceptions. + + + + + + + + To create an exception, click on the Add a + rule button + + + + + + + + Select the wanted periodic check in the drop down list called + Check and then, enter the + Exception in the text area. Adding an exception is + obviously not definitive, you can either delete it using the + Delete button of the + Exceptions tab or modify it with a double + clicK. +
+ +
PermissionsThis tab is intended for file and + directory permissions checking and enforcement.Like for the + security, msec owns different permissions levels (standard, secure, ..), + they are enabled accordingly with the chosen security level. You can + create your own customised permissions levels, saving them into specific + files called perm.<levelname> placed into the + folder etc/security/msec/. This function is intended + for power users which require a customised configuration. It is also + possible to use the tab presented here after to change any permission you + want. Current configuration is stored in + /etc/security/msec/perms.conf. This file contains the + list of all the modifications done to the permissions. + + + + Default permissions are visible as a list of rules + (a rule per line). You can see on the left side, the file or folder + concerned by the rule, then the owner, then the group and then the + permissions given by the rule. If, for a given rule: + + the box Enforce is not checked, msec only + checks if the defined permissions for this rule are respected and + sends an alert message if not, but does not change anything. + + + the box Enforce is checked, then msec + will rule the permissions respect at the first periodic check and + overwrite the permissions. + For this to work, the option CHECK_PERMS in + the Periodic check tab must be configured + accordingly.To create a new rule, click on the Add + a rule button and fill the fields as shown in the example + below. The joker * is allowed in the File field. + “current” means no modification. + + + + Click on the OK button to + validate the choice and do not forget when leaving to save definitively + your configuration using the menu File -> Save the + configuration. If you have changed the settings, msecgui allows + you to preview the changes before saving them. It is also + possible to create or modify the rules by editing the configuration file + /etc/security/msec/perms.conf. + Changes in the Permission + tab (or directly in the configuration file) are taken into + account at the first periodic check (see the option CHECK_PERMS in the + Periodic checks tab). If you want them to + be taken immediately into account, use the msecperms command in a console + with root rights. You can use before, the msecperms -p command to know the + permissions that will be changed by msecperms.Do not + forget that if you modify the permissions in a console or in a file + manager, for a file where the box Enforce is checked + in the Permissions tab, msecgui will + write the old permissions back after a while, accordingly to the + configuration of the options CHECK_PERMS and CHECK_PERMS_ENFORCE in the + Periodic Checks tab.
+
+ + You can start this tool from the command line, by typing msecgui as root. - You can start this tool from the - command line, by typing msecgui as - root. -
+ +
\ No newline at end of file -- cgit v1.2.1